When False Positives Waste Tech Team’s Time

As organizations struggle to put in place a strategy that detects and prevents security threats, a flood of false positives is burning up IT departments' time and energy.

Out-of-the-Loop C-Level Execs

34% of surveyed security pros said their CEOs and other C-level executives are in the dark about cyber-attacks against their companies. Yet 63% admit their companies have been hit by one or more advanced attacks during the past 12 months.

Necessary Intelligence Lacking

39% of respondents do not believe their company has the necessary intelligence to convince the C-suite about the threats the company faces.

Some Slow to Detect Attacks

21% of respondents say it took them one to two years to detect an attack, and 21% took one to six months to contain the breach.

Others Discover Attacks Within Hours

30% of companies discovered an attack within one to eight hours of its occurrence, and 28% contained a breach within one to eight hours.

Malware Remains a Challenge

68% of respondents say their security team spends a significant amount of time chasing false-positive malware alerts.

More About False Positives

On average, only 29% of all malware alerts are investigated, and an average of 40% of alerts turn out to be false positives. Only 18% of respondents say their malware detection tool tells them the risk level of each incident, which would let analysts triage the alerts worth investigating first.

Wide Range of Security Budget Expectations

The average cyber-security budget is $16 million, 34% of which will be allocated to incident response. 50% of respondents say their budget will stay the same this year, 37% expect it to increase, and 13% expect it to decrease.

Activity Blindness Across Networks

67% of companies say they "lack visibility of threat activity" across their networks.

Dearth of Expertise

Unnecessary Re-imaging of Endpoints

51% of respondents re-image endpoints based on malware detected in network traffic, and 33% of those re-imagings are done without confirming that the endpoint was actually infected. Re-imaging, which means wiping a device and reinstalling its operating system and applications from a known-good image, is time-consuming, so acting on a network-level detection without host-level confirmation wastes effort on every false positive.

Roughly one-third of surveyed security pros say their C-level executives are "completely in the dark" about cyber-attacks against their companies, even though most of those IT professionals report that their organizations have been victims of advanced attacks during the past 12 months. Many security pros do not believe their company has the intelligence needed to convince the C-suite of the threats the company faces, and their teams are further misled by false positives.

The study, "The State of Malware Detection and Prevention in 2016," surveyed 597 IT and IT security practitioners in the United States who are responsible for directing cyber-security activities or investments within their organization. The Ponemon Institute conducted the study for Cyphort, a vendor of threat-defense products for enterprises.

Larry Ponemon, chairman and founder of the institute that bears his name, said: "Companies are still struggling to have a strategy to prevent and detect malware and advanced threats. One recommendation is for organizations to significantly reduce the time spent on false positives and irrelevant threats in their network. The effective solutions are the ones that smartly combine next-generation network-based sandboxing and network behavior anomaly analysis."

Karen A. Frenkel writes about technology and innovation and lives in New York City.